Hackfail.htb

If /var/run/docker.sock is accessible, you can use it to spawn a new container that mounts the host's root filesystem.

👑 Phase 4: Privilege Escalation to Root

Check the web application for leaked credentials or look for "Register" buttons that might be open.

Gitea is the primary vector for gaining a foothold on this machine.

Identifying the Vulnerability

Navigating to the IP address on port 80 reveals a custom web application. Further directory busting or clicking through links often reveals a development sub-domain or a linked service. In the case of HackFail, you will encounter a instance, a self-hosted Git service popular among developers.

🏗️ Phase 2: Initial Access (Exploiting Gitea)

Once you have a shell, you will likely find yourself inside a .

Escaping the Container